Stories by Lucian Constantin

Users face serious threat as hackers take aim at routers, embedded devices

Home routers and other consumer embedded devices are plagued by basic vulnerabilities and can't be easily secured by non-technical users, which means they'll likely continue to be targeted in what has already become an increasing trend of mass attacks.

Researchers publicly disclose vulnerabilities in Oracle Java Cloud Service

Security researchers released technical details and proof-of-concept code for 30 security issues affecting Oracle's Java Cloud Service, some of which could allow attackers to compromise business-critical Java applications deployed on it.

Hacked passwords can enable remote unlocking, tracking of Tesla cars

Tesla Motors accounts are protected only by simple passwords, making it easy for hackers to potentially track and unlock cars, according to a security researcher.

Philips smart TVs open to remote attacks via default wireless connection, researchers say

The latest firmware in some Philips smart TV models opens an insecure Miracast wireless network, allowing potential attackers located in the signal range to control the TV remotely and perform unauthorized actions.

Cisco fixes denial-of-service flaws in IOS software for networking devices

Cisco Systems released security updates for its IOS software used on routers, switches and other networking gear in order to fix seven vulnerabilities that could be exploited by attackers to impact the performance of affected devices or force them to reboot.

Full Disclosure security mailing list reborn under new management

The recently closed Full Disclosure security mailing list, which served as an open discussion forum for security researchers since 2002, was replaced Tuesday with a new list that will serve the same purpose, but will require former members to resubscribe.

Gameover malware targets accounts on employment websites

A new variant of the Gameover computer Trojan is targeting job seekers and recruiters by attempting to steal log-in credentials for Monster.com and CareerBuilder.com accounts.

New BitCrypt ransomware variant distributed by bitcoin stealing malware

A new variant of a malicious program called BitCrypt that encrypts files and asks victims for bitcoin payments is being distributed by a computer Trojan that first pilfers bitcoin wallets.

Rogue apps could exploit Android vulnerability to brick devices, researchers warn

A vulnerability in Android that was publicly disclosed in mid-March could be exploited by malicious applications to force devices into an endless reboot loop, according to security researchers from Trend Micro.

Microsoft reviews investigation policies after admitting search of customer email

Microsoft promised to subject itself to a more rigorous process before searching through its customers' email accounts in the future after a recent legal case revealed that the company searched for evidence of theft of its trade secrets in a Hotmail account.

Fake Tor app has been sitting in Apple's App Store for months, Tor Project says

For the past several months Tor developers have unsuccessfully been trying to convince Apple to remove from its iOS App Store what they believe to be a fake and potentially malicious Tor Browser application.

Prominent security mailing list Full Disclosure shuts down indefinitely

The popular Full-Disclosure mailing list that has served as a public discussion forum for vulnerability researchers for the past 12 years was suspended indefinitely by its maintainer.

Hacker Diabl0 arrested in Thailand at the request of Swiss authorities

Russian-Moroccan hacker Farid Essebar, known online as Diabl0, was arrested in Bangkok at the request of law enforcement authorities from Switzerland who want him extradited to face charges in connection with computer fraud offenses and credit card information theft.

Proprietary firmware poses a security threat, Ubuntu founder says

Mark Shuttleworth, the founder of the popular Ubuntu Linux distribution, believes proprietary firmware and unverifiable firmware code pose a serious security threat to users and encourages hardware manufacturers to implement support for their innovations through the Linux kernel instead.

Bitcoin-stealing malware hidden in Mt. Gox data dump, researcher says

An archive containing transaction records from Mt. Gox that was released on the Internet last week by the hackers who compromised the blog of Mt. Gox CEO Mark Karpeles also contains bitcoin-stealing malware for Windows and Mac.
